Troj/Bdoor-IP is a backdoor Trojan for the Windows platform.
Troj/Bdoor-IP includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/Bdoor-IP copies itself to <Windows>\comm.exe.
The following registry entry is created to run comm.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Timer
<Windows>\comm.exe /i
Registry entries are created under:
HKLM\SOFTWARE\Cat\
Troj/Bdoor-IP may attempt to send stolen system information to a remote website.
Troj/Bdoor-IP may also execute commands from a remote website.
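
The following read-only PowerShell check for the file and registry indicators listed above is an added example, not part of the original description or any vendor tooling. The function names are hypothetical, and checking the WOW6432Node registry view goes beyond the page (it assumes a 32-bit sample on 64-bit Windows would be redirected there).

```powershell
# Added example: read-only check for the indicators listed in the description above.
$DropPath = Join-Path $env:windir 'comm.exe'          # the page's <Windows>\comm.exe
# Native view plus the WOW6432Node view (assumption: a 32-bit sample on 64-bit
# Windows is redirected there; the page itself names only the HKLM\SOFTWARE paths).
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Test-CommExeCommand {
    # True when a Run value's data launches $Expected, quoted or not, with any arguments.
    param([string]$Data, [string]$Expected)
    if ([string]::IsNullOrWhiteSpace($Data)) { return $false }
    $cmd = [Environment]::ExpandEnvironmentVariables($Data).Trim()
    return $cmd -match ('^"?' + [regex]::Escape($Expected) + '"?(\s|$)')
}

function Get-BdoorIpIndicator {
    $found = @()
    if (Test-Path -LiteralPath $DropPath -PathType Leaf) {
        $file = Get-Item -LiteralPath $DropPath -Force
        $hash = (Get-FileHash -LiteralPath $DropPath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $found += [pscustomobject]@{ Type = 'File'; Location = $DropPath
            Detail = "SHA256=$hash Created=$($file.CreationTimeUtc.ToString('u'))" }
    }
    foreach ($root in $Roots) {
        $run = Get-Item -LiteralPath "$root\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
        if ($run) {
            foreach ($name in $run.GetValueNames()) {
                $data = [string]$run.GetValue($name)
                # A value named Timer alone can be benign; the data column shows what it launches.
                if ($name -eq 'Timer' -or (Test-CommExeCommand $data $DropPath)) {
                    $found += [pscustomobject]@{ Type = 'RunValue'; Location = "$($run.Name)\$name"; Detail = $data }
                }
            }
        }
        $cat = Get-Item -LiteralPath "$root\Cat" -ErrorAction SilentlyContinue
        if ($cat) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Location = $cat.Name
                Detail = "Values: $($cat.GetValueNames() -join ', ')" }
        }
    }
    return $found
}

$result = Get-BdoorIpIndicator
if ($result) { $result | Format-List } else { 'No Troj/Bdoor-IP indicators from this description were found.' }
```

A hit on the file name or the Timer value name alone is not conclusive; compare the reported command line and file hash against your anti-malware product's verdict before acting.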